/*
 * Copyright 2002-2013 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.config.http;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.config.BeanIds;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;

/**
 * @author Luke Taylor
 * @author Ben Alex
 * @author Rob Winch
 * @author Oliver Becker
 */
class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
    static final String ATT_DATA_SOURCE = "data-source-ref";
    static final String ATT_SERVICES_REF = "services-ref";
    static final String ATT_SERVICES_ALIAS = "services-alias";
    static final String ATT_TOKEN_REPOSITORY = "token-repository-ref";
    static final String ATT_USER_SERVICE_REF = "user-service-ref";
    static final String ATT_SUCCESS_HANDLER_REF = "authentication-success-handler-ref";
    static final String ATT_TOKEN_VALIDITY = "token-validity-seconds";
    static final String ATT_SECURE_COOKIE = "use-secure-cookie";
    static final String ATT_FORM_REMEMBERME_PARAMETER = "remember-me-parameter";

    protected final Log logger = LogFactory.getLog(getClass());
    private final String key;
    private final BeanReference authenticationManager;
    private String rememberMeServicesId;

    RememberMeBeanDefinitionParser(String key, BeanReference authenticationManager) {
        this.key = key;
        this.authenticationManager = authenticationManager;
    }

    public BeanDefinition parse(Element element, ParserContext pc) {
        CompositeComponentDefinition compositeDef =
            new CompositeComponentDefinition(element.getTagName(), pc.extractSource(element));
        pc.pushContainingComponent(compositeDef);

        String tokenRepository = element.getAttribute(ATT_TOKEN_REPOSITORY);
        String dataSource = element.getAttribute(ATT_DATA_SOURCE);
        String userServiceRef = element.getAttribute(ATT_USER_SERVICE_REF);
        String successHandlerRef = element.getAttribute(ATT_SUCCESS_HANDLER_REF);
        String rememberMeServicesRef = element.getAttribute(ATT_SERVICES_REF);
        String tokenValiditySeconds = element.getAttribute(ATT_TOKEN_VALIDITY);
        String useSecureCookie = element.getAttribute(ATT_SECURE_COOKIE);
        String remembermeParameter = element.getAttribute(ATT_FORM_REMEMBERME_PARAMETER);
        Object source = pc.extractSource(element);

        RootBeanDefinition services = null;

        boolean dataSourceSet = StringUtils.hasText(dataSource);
        boolean tokenRepoSet = StringUtils.hasText(tokenRepository);
        boolean servicesRefSet = StringUtils.hasText(rememberMeServicesRef);
        boolean userServiceSet = StringUtils.hasText(userServiceRef);
        boolean useSecureCookieSet = StringUtils.hasText(useSecureCookie);
        boolean tokenValiditySet = StringUtils.hasText(tokenValiditySeconds);
        boolean remembermeParameterSet = StringUtils.hasText(remembermeParameter);

        if (servicesRefSet && (dataSourceSet || tokenRepoSet || userServiceSet || tokenValiditySet || useSecureCookieSet || remembermeParameterSet)) {
            pc.getReaderContext().error(ATT_SERVICES_REF + " can't be used in combination with attributes "
                    + ATT_TOKEN_REPOSITORY + "," + ATT_DATA_SOURCE + ", " + ATT_USER_SERVICE_REF + ", " + ATT_TOKEN_VALIDITY
                    + ", " + ATT_SECURE_COOKIE + " or " + ATT_FORM_REMEMBERME_PARAMETER, source);
        }

        if (dataSourceSet && tokenRepoSet) {
            pc.getReaderContext().error("Specify " + ATT_TOKEN_REPOSITORY + " or " +
                    ATT_DATA_SOURCE +" but not both", source);
        }

        boolean isPersistent = dataSourceSet | tokenRepoSet;

        if (isPersistent) {
            Object tokenRepo;
            services = new RootBeanDefinition(PersistentTokenBasedRememberMeServices.class);

            if (tokenRepoSet) {
                tokenRepo = new RuntimeBeanReference(tokenRepository);
            } else {
                tokenRepo = new RootBeanDefinition(JdbcTokenRepositoryImpl.class);
                ((BeanDefinition)tokenRepo).getPropertyValues().addPropertyValue("dataSource",
                        new RuntimeBeanReference(dataSource));
            }
            services.getConstructorArgumentValues().addIndexedArgumentValue(2, tokenRepo);
        } else if (!servicesRefSet) {
            services = new RootBeanDefinition(TokenBasedRememberMeServices.class);
        }

        String servicesName;

        if (services != null) {
            RootBeanDefinition uds = new RootBeanDefinition();
            uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
            uds.setFactoryMethodName("cachingUserDetailsService");
            uds.getConstructorArgumentValues().addGenericArgumentValue(userServiceRef);

            services.getConstructorArgumentValues().addGenericArgumentValue(key);
            services.getConstructorArgumentValues().addGenericArgumentValue(uds);
            // tokenRepo is already added if it is a PersistentTokenBasedRememberMeServices

            if (useSecureCookieSet) {
                services.getPropertyValues().addPropertyValue("useSecureCookie", Boolean.valueOf(useSecureCookie));
            }

            if (tokenValiditySet) {
                boolean isTokenValidityNegative = tokenValiditySeconds.startsWith("-");
                if (isTokenValidityNegative && isPersistent) {
                    pc.getReaderContext().error(ATT_TOKEN_VALIDITY + " cannot be negative if using" +
                            " a persistent remember-me token repository", source);
                }
                services.getPropertyValues().addPropertyValue("tokenValiditySeconds", tokenValiditySeconds);
            }

            if (remembermeParameterSet) {
                services.getPropertyValues().addPropertyValue("parameter", remembermeParameter);
            }

            services.setSource(source);
            servicesName = pc.getReaderContext().generateBeanName(services);
            pc.registerBeanComponent(new BeanComponentDefinition(services, servicesName));
        } else {
            servicesName = rememberMeServicesRef;
        }

        if (StringUtils.hasText(element.getAttribute(ATT_SERVICES_ALIAS))) {
            pc.getRegistry().registerAlias(servicesName, element.getAttribute(ATT_SERVICES_ALIAS));
        }

        this.rememberMeServicesId = servicesName;

        BeanDefinitionBuilder filter = BeanDefinitionBuilder.rootBeanDefinition(RememberMeAuthenticationFilter.class);
        filter.getRawBeanDefinition().setSource(source);

        if (StringUtils.hasText(successHandlerRef)) {
            filter.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
        }

        filter.addConstructorArgValue(authenticationManager);
        filter.addConstructorArgReference(servicesName);

        pc.popAndRegisterContainingComponent();

        return filter.getBeanDefinition();
    }

    String getRememberMeServicesId() {
        return this.rememberMeServicesId;
    }
}
